mcp-censys
mcp-censys is a MCP server that taps into the Censys Search API for real-time domain, IP, and FQDN reconnaissance, now with enhanced MCP Prompt Templates.
Caution
This is intended solely as a demonstration and is not production-ready. It is not an officially supported product.
Overview
mcp-censys turns natural language prompts into targeted Censys queries — surfacing host, DNS, cert, and service information in real-time. It's designed to work with Claude Desktop or any other Model Context Protocol (MCP) client.
Built on the official Censys Python SDK, this lightweight container exposes precise reconnaissance tools through Claude-friendly functions.
[!NEW] MCP Prompt Templates
This version introduces MCP Prompt Templates - predefined instruction sets that guide Claude's analysis of domain data. These templates provide structured guidance on how to organize and present the findings, ensuring consistent, high-quality outputs. Learn more about MCP Prompts.
Features
- Conversational Queries: Natural language access to Censys intel
- Domain and IP Lookup: Get DNS names, ASN, services, and TLS context
- New FQDN Discovery: Find recently seen subdomains from DNS and cert data
- MCP-Compatible Tools: Use directly from Claude Desktop
- MCP Prompt Templates: ✨ Built-in structured guidance templates that instruct Claude exactly how to analyze and present domain data (learn more about MCP Prompts)
- Dockerized with .env support: Secure, repeatable usage
- Lightweight API Client: Based on Censys Python SDK
Tools
- lookup_domain - Get comprehensive IPs, DNS names, services, and ASN info for a domain (aggregates data across all results) with built-in MCP prompts that guide Claude to organize findings into meaningful sections
- lookup_domain_detailed - Return a sample of 3 individual host records with services, ASN, geo, and TLS data, along with information about total available records and structured MCP prompts for comprehensive infrastructure analysis
- lookup_ip - Enrich an IP with DNS, ASN, service info, and TLS metadata
- new_fqdns - Find recently observed FQDNs for a domain (via DNS and certs)
- host_services - List open ports and service banners for a given domain or IP
Quick Start Guide
1. Domain Lookup (lookup_domain
)
Returns complete information by aggregating all IPs, DNS names, service banners, and ASN info tied to a specific domain. Useful for understanding what infrastructure a domain resolves to.
Example:
2. Detailed Domain Lookup (lookup_domain_detailed
)
Provides a sample of actual host records (limited to 3) matching a domain query, plus information about how many total records exist.
Example:
3. IP Lookup (lookup_ip
)
Provides full context for an IP including DNS names, ASN, TLS certs, services, and location data.
Example:
4. New FQDN Discovery (new_fqdns
)
Find recently observed FQDNs for a domain from both DNS records and certificate transparency logs.
Example:
5. Host Services (host_services
)
Quickly identifies what ports are open on a given IP and what services are running.
Examples:
Installation
MCP Configuration
Add this to your Claude Desktop config:
Screenshot
mcp-censys in action via Claude Desktop, using the lookup_domain
, lookup_domain_detailed
and lookup_ip
tools:
This example shows a domain lookup request on
mailchimp.com
, returning IPs, ASN, subdomains, services and infrastructure — all from a natural language query.
This example shows a detailed domain lookup request on
mailchimp.com
, returning IPs, ASN, subdomains, BGP, TLS, information, services and infrastructure.
This example demonstrates an IP lookup on
23.204.1.14
, returning coordinates, forward and reverse DNS and services.
Troubleshooting
No Results Returned:
- Make sure the target is publicly visible
- Check your API key and rate limits
- DNS-based results rely on recent Censys observations
Performance Tips:
- Scan a single domain or IP at a time for faster results
- Use lookup_domain or lookup_ip for focused data
API Response Issues:
- If you experience errors with result formatting, ensure you're using the latest version
- The tools handle pagination automatically - lookup_domain collects all available results, while lookup_domain_detailed shows a limited sample
- For domains with many results, queries may take longer to complete due to multiple API requests
Limitations
- new_fqdns does not represent true "first seen" FQDNs; it filters by last observed timestamps
- This tool is intended for conversational, single-target analysis (not batch scans)
- lookup_domain_detailed only shows 3 records to keep responses manageable, even when more are available
License
MIT License
Acknowledgments
- Censys Python SDK (https://github.com/censys/censys-python)
- Model Context Protocol (https://modelcontextprotocol.io/)
- Claude Desktop (https://www.anthropic.com)
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A Model Context Protocol server that enables natural language querying of the Censys Search API for domain, IP, and FQDN reconnaissance, providing information about hosts, DNS, certificates, and services in real-time.
Related MCP Servers
- AsecurityAlicenseAqualityA Model Context Protocol server that allows AI agents to perform WHOIS lookups, enabling users to directly ask the AI about domain availability, ownership, registration details, and other domain information.Last updated -44,63134JavaScriptMIT License
- -securityAlicense-qualityA Model Context Protocol server that provides network analysis tools for security professionals, enabling AI models like Claude to perform tasks such as ASN lookups, DNS analysis, WHOIS retrieval, and IP geolocation for security investigations.Last updated -1PythonApache 2.0
- AsecurityAlicenseAqualityA discovery and recommendation service that helps AI assistants find Model Context Protocol servers based on natural language queries.Last updated -50356TypeScriptMIT License
- AsecurityAlicenseAqualityA Model Context Protocol tool that provides DNS querying capabilities for various record types (A, AAAA, MX, TXT, CNAME, NS, etc.) through a standardized MCP interface.Last updated -1TypeScriptMIT License